To troubleshoot Windows, you need to know its components. The architectural
diagram below identifies the major operating system components. The most
important division is between user mode, which is intended for application
programs, and kernel mode, which is intended for the operating system.

In kernel mode, any computer instruction is
possible, whereas in user mode, application programs are protected from each
other. Instructions are restricted and programs are not allowed to directly
access each other's memory. If a user mode application violates these rules, it
is shut down by Windows and Dr. Watson appears.

[Architecture diagram: major Windows components, from top to bottom]

User Mode: NTVDM, DOS, Win16, Win32 subsystem, Security subsystem,
POSIX / OS/2 subsystems, Services

Kernel Mode: Executive Services, Cache Manager, File System Drivers,
Network Drivers, Hardware Device Drivers, Object Manager, Security Reference
Monitor, Process Manager, Local Procedure Call Facility, Virtual Memory
Manager, Window Manager, Graphics Device Interface, Graphics Device Drivers,
Microkernel, HAL (Hardware Abstraction Layer)

Hardware

Dynamic Link Libraries

DLLs are a way to share program code and save
memory. DLLs are libraries of executable code that can be shared by multiple
programs. All versions of Windows have provided services with DLLs. The newest
versions of Windows still implement the basic interfaces with the same 3 DLLs:

1. GDI32.DLL
2. KERNEL32.DLL
3. USER32.DLL

In previous versions of Windows, installation
programs would update Windows DLLs. If an updated DLL was incompatible with an
existing program, then that program would no longer work properly. Reverting
back to the old DLL may make the new program fail. This situation is commonly
referred to as DLL hell. Microsoft's solution to this is WFP
(Windows File Protection) and Application compatibility mode.

Command Interpreters

Windows provides two command interpreters.
COMMAND.COM should only be used to provide compatibility for legacy
applications. Use CMD.EXE for processing normal commands. It has more
functionality and less system overhead.

Interpreter     Description

CMD.EXE         Windows 32-bit command console

COMMAND.COM     DOS 16-bit command console
                Limited functionality
                For legacy compatibility
                Higher overhead from NTVDM.EXE
                Can't close gracefully using a mouse
                Use CMD.EXE instead

Legacy is the nice word for old.

DOS

To support each DOS application, Windows launches NTVDM.EXE to
create a VDM (Virtual DOS Machine). Each DOS application has an associated NTVDM
to provide a separate memory space and a separate queue for keyboard and
mouse input. DOS applications use the normal DOS interfaces for services
and hardware access, and the VDM delivers the results in the same manner as a real
DOS machine.

Support for 16-bit applications can be disabled by disallowing
access to the NTVDM.EXE file.

To run a 16-bit application in its own separate
memory space with an independent NTVDM, check the option in the Advanced
Properties of the application shortcut as shown in the following dialog.

Keyboard Exercise

Launch COMMAND.COM and then use Task Manager to
find the NTVDM process. If you launch an old Win16 (16-bit Windows) application,
you will also see WOWEXEC as in the following dialog. Note how WOWEXEC and the
Win16 winmin.exe are indented in the processes list.
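
The two points above, disabling 16-bit support by restricting access to NTVDM.EXE and finding running NTVDM processes, can also be checked from a script. The following is an added example, not part of the original page: a read-only PowerShell audit that lists the access rules on NTVDM.EXE that mention the execute right and reports any running NTVDM processes. The function name Get-NtvdmAudit and the default System32 path are assumptions made for illustration, and the script assumes PowerShell is installed.

```powershell
# Read-only audit of 16-bit (NTVDM) support on the local machine; changes nothing.
function Get-NtvdmAudit {
    param(
        # Default location of NTVDM.EXE (assumption; pass -Path if it lives elsewhere)
        [string]$Path = (Join-Path $env:SystemRoot 'System32\ntvdm.exe')
    )
    $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile

    if (-not (Test-Path -LiteralPath $Path)) {
        # 64-bit Windows ships without NTVDM, so the file is absent there.
        return [pscustomobject]@{ Path = $Path; Present = $false; ExecuteRules = @(); Running = @() }
    }

    # Access rules (explicit or inherited) that include the execute right.
    # This lists the rules; it does not compute effective access for a given user.
    $rules = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { ($_.FileSystemRights -band $execute) -eq $execute } |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited

    # Each running DOS or Win16 session shows up as an ntvdm process.
    $running = @(Get-Process -Name ntvdm -ErrorAction SilentlyContinue |
        Select-Object Id, SessionId, @{ n = 'WorkingSetKB'; e = { [int]($_.WorkingSet64 / 1KB) } })

    [pscustomobject]@{
        Path         = $Path
        Present      = $true
        ExecuteRules = @($rules)
        Running      = $running
    }
}

$audit = Get-NtvdmAudit
if (-not $audit.Present) {
    "NTVDM.EXE not found at $($audit.Path): 16-bit applications cannot start."
} else {
    "Rules on $($audit.Path) that allow or deny execute:"
    $audit.ExecuteRules | Format-Table -AutoSize
    $allowed = @($audit.ExecuteRules | Where-Object { $_.AccessControlType -eq 'Allow' })
    if ($allowed.Count -eq 0) {
        "No Allow rule grants execute, so NTVDM.EXE cannot be launched under this ACL."
    }
    "Running NTVDM processes: $($audit.Running.Count)"
    $audit.Running | Format-Table -AutoSize
}
```

WOWEXEC and Win16 programs run as tasks inside an NTVDM process, which is why Task Manager shows them indented; the process count here reflects NTVDM instances only.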